About RISA Labs
Cancer patients face not just a disease, but a broken system where delays in treatment are common due to outdated, error-prone workflows. RISA Labs is changing that with our Business Operating System as a Service (BOSS) - a powerful platform built for the vertical complexity of healthcare, that transforms healthcare operations. Unlike simple automation tools, BOSS breaks down complex workflows into small tasks, managed by smart AI agents like LLMs, digital twins, and reinforcement learners. This creates a digital workforce that doubles the efficiency of healthcare teams, letting a 1,000-person institution operate like it has 2,000 staff overnight.

Founders
RISA was founded by Kshitij Jaggi and Kumar Shivang, IIT Kanpur alumni with a proven track record from their previous healthcare startup, Urban Health. Their vision is to streamline oncology care through cutting-edge technology.

Funding
RISA Labs is backed by $3.5 million in seed funding, led by Flipkart co-founder Binny Bansal, with support from Oncology Ventures, General Catalyst, z21 Ventures, Odd Bird VC, and angel investor Ashish Gupta.

Role Overview
As a Compliance Manager, you will oversee and manage the implementation, maintenance, and monitoring of RISA Labs’ compliance frameworks — including HIPAA, SOC 2, ISO 27701, and HiTrust. You’ll collaborate across engineering, legal, operations, and security to ensure our platform and internal practices meet industry, regulatory, and partner standards. This is a critical, cross-functional role for someone who thrives at the intersection of regulation, systems thinking, and fast-moving tech environments.

Responsibilities
Compliance Program Management: Own the strategy, execution, and tracking of compliance across frameworks like HIPAA, SOC 2, ISO 27701, and HiTrust
Audit & Certification Readiness: Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholders
Policy Development: Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standards
Risk Management: Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate risk
Cross-Functional Collaboration: Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by design
Security & Privacy Oversight: Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practices
Employee Training & Awareness: Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshers
Regulatory Monitoring: Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignment
Reporting: Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation efforts

Qualifications
5+ years of experience in compliance, privacy, or security-related roles, ideally within tech, SaaS, or healthcare organizations
Deep understanding of HIPAA, SOC 2, ISO 27701, and HiTrust frameworks and certification processes
Strong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principles
Experience working cross-functionally with product, security, legal, and engineering teams
Excellent writing, policy drafting, and documentation skills
High integrity and attention to detail, able to manage sensitive information and operate with discretion
Bonus: Certifications such as CIPP, CISA, CISSP, or HiTrust CCSFP
Bachelor’s degree in a related field (Information Security, Law, Business, or equivalent experience)

Job Title
Compliance Manager